Aníbal Irrera

377 posts

Aníbal Irrera banner
Aníbal Irrera

Aníbal Irrera

@airrera

Security Researcher at @Immunityinc @AppgateSecurity

Katılım Aralık 2009
848 Takip Edilen282 Takipçiler
Matias Soler
Matias Soler@gnuler·
Just dropped a blog post on reproducing a known voltage glitching attack to bypass APPROTECT on the nRF52840! 😎 Spent hours soldering & debugging to get it right. Not novel, but a messy journey—check it out: matiassoler.com/posts/approtec…
English
2
30
78
14.1K
Aníbal Irrera retweetledi
XBOW
XBOW@Xbow·
XBOW autonomously discovered CVE-2024-50334, a critical authentication bypass in Scoold, an open-source Q&A webapp used by major companies like Cisco and IBM. Our latest blog post details how it found the flaw: xbow.com/blog/xbow-scoo…
English
3
42
146
61.2K
Aníbal Irrera retweetledi
Niemand
Niemand@niemand_sec·
This is an experiment we did with all the benchmarks, removing descriptions showed us that XBOW performs just as well as with descriptions. This is one of my favorite examples, it is fully capable of understanding how GraphQL works and exploit an IDOR creating custom queries
XBOW@Xbow

Real vulnerabilities don’t come with hints—so we asked XBOW to solve this task without giving it even a description of the benchmark. It performed just as well, finding exploiting an GraphQL-based IDOR vulnerability entirely autonomously: bit.ly/3XYPTQJ

English
1
2
21
3.1K
Aníbal Irrera retweetledi
Niemand
Niemand@niemand_sec·
Se viene la World Cup de @Hacker0x01 de nuevo🚨🚨 - Queres participar de scopes copados? - Queres ganarte entradas a los LHE? - Queres ser parte de la comunidad? Comenta este tweet o manda DM. Tambien podes unirte a h1.community/argentina-hack… Se agradecen los retweet 🙏
Niemand tweet media
Español
4
7
29
5.5K
Nico Waisman
Nico Waisman@nicowaisman·
I'm pleased to share that I have recently become a part of the Review Board for USA BlackHat. I will be focused on submissions related to Cloud Security, Appsec, and Exploit Development. Looking forward for your submissions! #Waisman" target="_blank" rel="nofollow noopener">blackhat.com/review-board.h…
English
11
6
95
6.2K
Aníbal Irrera retweetledi
LeFF
LeFF@LautaroFain·
Latest Anvil blogpost on how @Alex91dotar and I found two new CVEs in GOG Galaxy 2.0 is right out of the oven! I can stress enough how much I enjoy merging my passion for gaming with my passion for security! Give it a read and tell us what you think! anvilsecure.com/blog/galactica…
English
4
5
25
2.1K
Aníbal Irrera retweetledi
Niemand
Niemand@niemand_sec·
Gente se viene la World Cup de nuevo! Con premios que todavia no puedo contar pero que estan 🔥🔥 Tenes ganas de participar y conocer mas gente de la comunidad? Comenta asi te agrego al discord de @Hacker0x01. Mas info pronto, stay tuned! #BugBounty Se agradecen los retweet 🙏
HackerOne@Hacker0x01

The #AmbassadorWorldCup is back! 🙌 March marks the beginning of 9 months of epic competition. Are you up for the challenge? Ambassadors all over the world are recruiting teams now. Contact your regional leader to join in. More details coming soon. 👀 bit.ly/3lMs6lO

Español
2
5
18
4.1K
Aníbal Irrera retweetledi
Andrés Blanco
Andrés Blanco@6e726d·
¿Queres aprender sobre hardware hacking? ¿Tu empresa o productos utiliza hardware de terceros y no sabes cómo auditarlos? ¿Tenes dispositivos IoT en tu red y queres hacer un pentest? Anótate en mi training de la @ekoparty y aprende de forma práctica. ekoparty.org/en_US/eko2022/…
Español
0
14
25
0
Aníbal Irrera retweetledi
James Forshaw
James Forshaw@tiraniddo·
Just opened 8 bugs I found in Windows Credential Guard. Ranged from arbitrary code exec in VSM to Kerberos key disclosure attacks. Probably my favorite was abusing the NTLMv1 API to leak an AES128 key which is what I was cracking in the quoted tweet😁 bugs.chromium.org/p/project-zero…
James Forshaw@tiraniddo

I must say, crack.sh is pretty impressive. 45 seconds for a NTLMv1 hash :) Of course if anyone can tell me what the password was I'd appreciate it, seems I've forgotten😂

English
6
104
355
0
Aníbal Irrera retweetledi
LeFF
LeFF@LautaroFain·
Querés aprender sobre sistemas embebidos para arrancar un research o aplicarlo a tu laburo? Confía tranquilo que @6e726d te puede dar todas esa sabiduría en este curso de la Eko! Puro 🔥, no te vas a arrepentir!
Ekoparty | Hacking everything@ekoparty

EKOPARTY TRAININGS 2022 ⚡¡Formate con los mejores referentes de la industria! 📌INTRODUCCIÓN PRÁCTICA A LA AUDITORÍA DE SISTEMAS EMBEBIDOS by Andrés Blanco (@6e726d) +info en: ekoparty.org/r/raM Reservá tu lugar➡️ ekoparty.org/r/64N

Español
0
1
3
0
Aníbal Irrera retweetledi
Orange Tsai 🍊
Orange Tsai 🍊@orange_8361·
Unsafe .Net Deserialization in Windows Event Viewer! This is a by-product of my research. Has confirmed with MSRC that this didn't cross any security boundary, but I guess it could still be another fun #LOLbas or Defender Bypass.😆
English
19
534
1.6K
0
Aníbal Irrera
Aníbal Irrera@airrera·
Muchas gracias a la organización de la @securityjam y en especial a @intthree por el regalo para los speakers! Gracias Albert! Hermoso! 😊
Aníbal Irrera tweet media
Español
1
1
13
0
Aníbal Irrera retweetledi
Security Jam
Security Jam@securityjam·
Gracias @Immunityinc por ser parte historica y por apoyar nuevamente a la JAM . 🙏
Security Jam tweet media
Español
0
2
9
0
Aníbal Irrera retweetledi
Security Jam
Security Jam@securityjam·
📢Abrimos los CFP 💌 👋Veni y contanos que estas haciendo. Como intentas innovar o como fallaste intentando. Como buscaste un bug o simplemente algún tema que interese dar. Mientras este levemente relacionado con la seguridad informática ,todo vale.
Security Jam tweet media
Español
0
9
9
0
Aníbal Irrera retweetledi
Security Jam
Security Jam@securityjam·
🚨🚨🚨18 de Marzo , 18.30HS🚨🚨🚨 🤖Security Jam 2022 - Edición Marzo 👾 Mini-charlas levemente relacionadas con seguridad. De gente 🧠y con much@ ❤️‍🔥 para dar. 🙏No te olvides de tu entrada para la para las consumiciónes, se acaban rápido. 👇 eventbrite.com.ar/e/security-jam…
Security Jam tweet media
Español
0
20
33
0

Keşfet

@gnuler @Hacker0x01 @nicowaisman @LautaroFain @Alex91dotar @ekoparty @6e726d @securityjam